1 /*
2 * Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23 import java.util.Arrays;
24 import javax.net.ssl.SSLServerSocket;
25 import javax.net.ssl.SSLSocket;
26
27 /*
28 * @test
29 * @bug 8234728
30 * @library /javax/net/ssl/templates
31 * /javax/net/ssl/TLSCommon
32 * /lib/security
33 * @summary Test TLS ciphersuites order.
34 * Parameter order: <protocol> <client cipher order> <server cipher order>
35 * @run main/othervm TLSCipherSuitesOrder TLSv13 ORDERED default
36 * @run main/othervm TLSCipherSuitesOrder TLSv13 UNORDERED default
37 * @run main/othervm TLSCipherSuitesOrder TLSv13 UNORDERED UNORDERED
38 * @run main/othervm TLSCipherSuitesOrder TLSv13 ORDERED ORDERED
39 * @run main/othervm TLSCipherSuitesOrder TLSv12 ORDERED default
40 * @run main/othervm TLSCipherSuitesOrder TLSv12 UNORDERED default
41 * @run main/othervm TLSCipherSuitesOrder TLSv12 UNORDERED UNORDERED
42 * @run main/othervm TLSCipherSuitesOrder TLSv12 ORDERED ORDERED
43 * @run main/othervm TLSCipherSuitesOrder TLSv11 ORDERED default
44 * @run main/othervm TLSCipherSuitesOrder TLSv11 UNORDERED default
45 * @run main/othervm TLSCipherSuitesOrder TLSv11 UNORDERED UNORDERED
46 * @run main/othervm TLSCipherSuitesOrder TLSv11 ORDERED ORDERED
47 * @run main/othervm TLSCipherSuitesOrder TLSv1 ORDERED default
48 * @run main/othervm TLSCipherSuitesOrder TLSv1 UNORDERED default
49 * @run main/othervm TLSCipherSuitesOrder TLSv1 UNORDERED UNORDERED
50 * @run main/othervm TLSCipherSuitesOrder TLSv1 ORDERED ORDERED
51 */
52 public class TLSCipherSuitesOrder extends SSLSocketTemplate {
53
54 private final String protocol;
55 private final String[] servercipherSuites;
56 private final String[] clientcipherSuites;
57
58 public static void main(String[] args) {
59 PROTOCOL protocol = PROTOCOL.valueOf(args[0]);
60 try {
61 new TLSCipherSuitesOrder(protocol.getProtocol(),
62 protocol.getCipherSuite(args[1]),
63 protocol.getCipherSuite(args[2])).run();
64 } catch (Exception e) {
65 throw new RuntimeException(e);
66 }
67 }
68
69 private TLSCipherSuitesOrder(String protocol, String[] clientcipherSuites,
70 String[] servercipherSuites) {
71 // Re-enable protocol if it is disabled.
72 if (protocol.equals("TLSv1") || protocol.equals("TLSv1.1")) {
73 SecurityUtils.removeFromDisabledTlsAlgs(protocol);
74 }
75 this.protocol = protocol;
76 this.clientcipherSuites = clientcipherSuites;
77 this.servercipherSuites = servercipherSuites;
78 }
79
80 // Servers are configured before clients, increment test case after.
81 @Override
82 protected void configureClientSocket(SSLSocket socket) {
83 socket.setEnabledProtocols(new String[]{protocol});
84 if (clientcipherSuites != null) {
85 socket.setEnabledCipherSuites(clientcipherSuites);
86 }
87 }
88
89 @Override
90 protected void configureServerSocket(SSLServerSocket serverSocket) {
91 serverSocket.setEnabledProtocols(new String[]{protocol});
92 if (servercipherSuites != null) {
93 serverSocket.setEnabledCipherSuites(servercipherSuites);
94 }
95 }
96
97 protected void runServerApplication(SSLSocket socket) throws Exception {
98 if (servercipherSuites != null) {
99 System.out.printf("SERVER: setEnabledCipherSuites:%s - "
100 + "getEnabledCipherSuites:%s%n",
101 Arrays.deepToString(servercipherSuites),
102 Arrays.deepToString(socket.getEnabledCipherSuites()));
103 }
104 if (servercipherSuites != null && !Arrays.equals(servercipherSuites,
105 socket.getEnabledCipherSuites())) {
106 throw new RuntimeException("Unmatched server side CipherSuite order");
107 }
108 super.runServerApplication(socket);
109 }
110
111 protected void runClientApplication(SSLSocket socket) throws Exception {
112 if (clientcipherSuites != null) {
113 System.out.printf("CLIENT: setEnabledCipherSuites:%s - "
114 + "getEnabledCipherSuites:%s%n",
115 Arrays.deepToString(clientcipherSuites),
116 Arrays.deepToString(socket.getEnabledCipherSuites()));
117 }
118 if (clientcipherSuites != null && !Arrays.equals(
119 clientcipherSuites, socket.getEnabledCipherSuites())) {
120 throw new RuntimeException("Unmatched client side CipherSuite order");
121 }
122 super.runClientApplication(socket);
123 }
124
125 enum PROTOCOL {
126 TLSv13("TLSv1.3",
127 new String[]{
128 "TLS_AES_256_GCM_SHA384",
129 "TLS_AES_128_GCM_SHA256"},
130 new String[]{
131 "TLS_AES_128_GCM_SHA256",
132 "TLS_AES_256_GCM_SHA384"}),
133 TLSv12("TLSv1.2",
134 new String[]{
135 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
136 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
137 new String[]{
138 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
139 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}),
140 TLSv11("TLSv1.1",
141 new String[]{
142 "TLS_RSA_WITH_AES_256_CBC_SHA",
143 "TLS_RSA_WITH_AES_128_CBC_SHA"},
144 new String[]{
145 "TLS_RSA_WITH_AES_128_CBC_SHA",
146 "TLS_RSA_WITH_AES_256_CBC_SHA"}),
147 TLSv1("TLSv1",
148 new String[]{
149 "TLS_RSA_WITH_AES_256_CBC_SHA",
150 "TLS_RSA_WITH_AES_128_CBC_SHA"},
151 new String[]{
152 "TLS_RSA_WITH_AES_128_CBC_SHA",
153 "TLS_RSA_WITH_AES_256_CBC_SHA"});
154
155 String protocol;
156 String[] orderedCiphers;
157 String[] unOrderedCiphers;
158
159 private PROTOCOL(String protocol, String[] orderedCiphers,
160 String[] unOrderedCiphers) {
161 this.protocol = protocol;
162 this.orderedCiphers = orderedCiphers;
163 this.unOrderedCiphers = unOrderedCiphers;
164 }
165
166 public String getProtocol() {
167 return protocol;
168 }
169
170 public String[] getOrderedCiphers() {
171 return orderedCiphers;
172 }
173
174 public String[] getUnOrderedCiphers() {
175 return unOrderedCiphers;
176 }
177
178 public String[] getCipherSuite(String order) {
179 switch (order) {
180 case "ORDERED":
181 return getOrderedCiphers();
182 case "UNORDERED":
183 return getUnOrderedCiphers();
184 default:
185 return null;
186 }
187 }
188 }
189 }